Smart Phone

From MgmtWiki
Jump to: navigation, search

Full Title or Meme

A Smart Phone is a mobile device that can download Native Apps or Progressive Web Apps for contacting Web Sites as well as traditional mobile services like calling and messaging.

Context

  • The computing power of a Smart Phone today is beyond that of any computer of 25 years ago. The connectivity of a Smart Phone is beyond that of any computer of 25 years ago. Now anyone of modest means can carry one with them nearly anywhere they want to go. Clearly society will feel the impact of this leap of technology. And its impact for personal Identity can only be guessed at.
  • Pew research report Enhanced Patient Matching Is Critical to Achieving Full Promise of Digital Health Records. While the report's first solution was a universal health Identifier, they realize the blockers to that in the US and the second solution was patient oriented solutions like the Smart Phone.

PhoneAuthn.png

Problems

  • Smart Phones are valuable, both in their own right, and as access to user information. Theft is common.
  • Telephone numbers can be reassigned by attacks against the telco self-service web sites or even the manned service locations.

Solutions

The Smart Phone will be provisioned with a variety of Native Apps when acquired by the user. A number of these apps, like email, will require the user to sign-in using some Identifier or Attribute Provider that also provides Authentication to unrelated third parties. For example Google Android or Apple iCloud services can be sued to sign-in to sites that recognize the OpenID Connect protocol that they use.

Smart Phone role in Authentication

The Smart Phone can serve a variety of roles in the process of Authentication of the user and Authorization of user access to User Information held on Web Sites. The major services are these:

  1. The phone can store authentication information that is displayed to a reader in a physical device owned by the Relying Party. The information may include the user name only or user name and password or other authentication information.
  2. The phone supports blue tooth and payment NFC protocols that can be sued in a reader in a physical device owned by the Relying Party, or on the user's desktop computer.
  3. An Authentication Native App can be loaded onto the phone from existing Authentication providers, like Microsoft or Google.

Smart Phone Hardware Security

Smart Phone storage of user information

The Smart Phone can both collection user information from a variety of sources and then turn around and send that data to web sites that need the information. This process of sourcing and sinking data can be entirely on the Smart Phone itself, or in conjunction with a Web Site that acts as a back-end for a Web App on the phone.

References